Fix ValidIssuers in Client Auth

Gateway/Security/ClientAuthMiddleware.cs

@@ -357,7 +357,11 @@ public sealed class ClientAuthMiddleware
             var validationParams = new TokenValidationParameters
             {
                 ValidateIssuer = true,
-                ValidIssuers = new[] { $"{instance.TrimEnd('/')}/{tenantId}/v2.0" },
+                ValidIssuers = new[]
+                {
+                    $"https://login.microsoftonline.com/{tenantId}/v2.0",
+                    $"https://sts.windows.net/{tenantId}/"
+                },
 
                 ValidateAudience = true,
                 ValidAudiences = validAudiences,